let a be read-write Int-Location ; :: thesis: for s being State of SCM+FSA st a <> intloc (3 + 1) & a <> intloc (1 + 1) holds
(IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a
let s be State of SCM+FSA ; :: thesis: ( a <> intloc (3 + 1) & a <> intloc (1 + 1) implies (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a )
assume A1: ( a <> intloc (3 + 1) & a <> intloc (1 + 1) ) ; :: thesis: (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a
set s1 = Exec (AddTo (intloc (3 + 1)),(intloc 0 )),(Initialize s);
set s2 = IExec ((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 ))),s;
A2: (Exec (AddTo (intloc (3 + 1)),(intloc 0 )),(Initialize s)) . a = (Initialize s) . a by A1, SCMFSA_2:90
.= s . a by SCMFSA6C:3 ;
A3: (IExec ((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 ))),s) . a = (Exec (SubFrom (intloc (1 + 1)),(intloc 0 )),(Exec (AddTo (intloc (3 + 1)),(intloc 0 )),(Initialize s))) . a by SCMFSA6C:9
.= s . a by A1, A2, SCMFSA_2:91 ;
per cases ( s . (intloc (4 + 1)) > 0 or s . (intloc (4 + 1)) <= 0 ) ;
suppose s . (intloc (4 + 1)) > 0 ; :: thesis: (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a
hence (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = (IExec (Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),s) . a by SCM_HALT:54
.= (Exec (SubFrom (intloc (1 + 1)),(intloc (1 + 1))),(Initialize s)) . a by SCMFSA6C:6
.= (Initialize s) . a by A1, SCMFSA_2:91
.= s . a by SCMFSA6C:3 ;
:: thesis: verum
end;
suppose s . (intloc (4 + 1)) <= 0 ; :: thesis: (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a
hence (IExec (if>0 (intloc (4 + 1)),(Macro (SubFrom (intloc (1 + 1)),(intloc (1 + 1)))),((AddTo (intloc (3 + 1)),(intloc 0 )) ';' (SubFrom (intloc (1 + 1)),(intloc 0 )))),s) . a = s . a by A3, SCM_HALT:54; :: thesis: verum
end;
end;